Tag Archives: Russia

Adverts Technologies – 25% Detection Rate – PUP.Optional.Adverts / ToDownload

Hi there! Just a quick post on a file named mediaplayer_update.exe signed by Adverts Technologies.

Adverts Technologies publisher

You can also see the Adverts Technologies certificate by looking under the Digital Signatures tab in the file's properties. According to the certificate, Adverts Technologies is located in Moscow, Russia.

Adverts Technologies cert

The issue with the Adverts Technologies file is that it is detected by many of the anti-malware programs. Here are some of the detection names: Generic.E4D, PUP.Optional.Adverts, HEUR/QVM06.1.Malware.Gen, InstallCore ToDownload (PUA), SAPE.InstallCore.2505, Trojan.Win32.Generic!BT and Adware.BrowseFox.Win32.128816.

Adverts Technologies anti-virus

Did you also find an Adverts Technologies file? Do you remember the download link? Please post it in the comments below and I'll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Arkhigrad Proekt, TOV – 9% Detection Rate

Hello readers! Just wanted to give you the heads up on a publisher called Arkhigrad Proekt, TOV. Here is how Arkhigrad Proekt, TOV appears in the UAC dialog when double-clicking on the Download__15022_i1683705761_il3.exe file:

Arkhigrad Proekt, TOV publisher

You can also view the certificate by right-clicking on the file and looking under the Digital Signatures tab. According to the embedded certificate, Arkhigrad Proekt, TOV is located in Simferopol, Ukraine/Russia, and the certificate is issued by COMODO RSA Code Signing CA.

Arkhigrad Proekt, TOV certificate

Generic.3ED, ADWARE/Amonetize.Gen and PUP.Optional.Amonetize are some detection names according to VirusTotal:

Arkhigrad Proekt, TOV anti-virus report

Did you also find a file digitally signed by Arkhigrad Proekt, TOV? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.

OOO DIGITAL VEI – 18% Detection Rate – InstallCore

Hello readers! Just a quick post on a publisher called OOO DIGITAL VEI that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named adobe_flash_player.exe.

OOO DIGITAL VEI publisher

Viewing the certificate information is also possible by looking under the Digital Signatures tab for the file. Here the certificate says that OOO DIGITAL VEI is located in Moscow, Russia.

OOO DIGITAL VEI cert

USERTrust and COMODO are further up in the certificate chain:

OOO DIGITAL VEI cert chain

What caught my attention was that the download was called adobe_flash_player.exe. This might look like an official Adobe Flash Player download, but it is not. If it were an official download, it would be digitally signed by Adobe Systems Incorporated. Here is how the authentic Adobe Flash Player installer looks when you double-click on it. Notice that the "Verified publisher" says "Adobe Systems Incorporated".
Adobe Systems Incorporated - Adobe Flashplayer Installer
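
The checks walked through by hand in the posts above (Properties, the Digital Signatures tab, the location on the certificate, the chain up to USERTrust and COMODO, and the comparison between the name on the certificate and the publisher the file name implies, as with adobe_flash_player.exe) can be scripted. The PowerShell below is an added example, not code from this blog or from any publisher or CA mentioned on the page. The download path and the file-name-to-publisher table in it are assumptions for illustration; the only entry that table takes from the posts is that an Adobe Flash Player installer should be signed by Adobe Systems Incorporated.

```powershell
# Added example (not the blog's code). Inspect the Authenticode signature of a
# download the way the posts do by clicking, and flag a signer that does not
# match the publisher the file name suggests. Assumed: Windows PowerShell 5.1
# or later; the path and the expected-publisher table below are illustrative.

# Pull one attribute (CN, O, L, S, C ...) out of a certificate's distinguished name.
function Get-DnAttribute {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X500DistinguishedName]$Dn,
        [Parameter(Mandatory)][string]$Key
    )
    # Format($true) emits one RDN per line, so a comma inside a value such as
    # "Arkhigrad Proekt, TOV" does not break the parse the way a naive split would.
    foreach ($line in ($Dn.Format($true) -split "`r?`n")) {
        $kv = $line -split '=', 2
        if ($kv.Count -eq 2 -and $kv[0].Trim() -eq $Key) { return $kv[1].Trim().Trim('"') }
    }
    return $null
}

function Test-DownloadSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Illustrative map: keyword in the file name -> publisher that should have signed it.
        # Only the Adobe entries are supported by the posts; extend it for your own environment.
        [hashtable]$ExpectedPublisher = @{
            'adobe' = 'Adobe Systems Incorporated'
            'flash' = 'Adobe Systems Incorporated'
        }
    )
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash   # what you paste into VirusTotal

    $result = [ordered]@{
        File = Split-Path $Path -Leaf; SHA256 = $hash; Status = $sig.Status
        Publisher = $null; Location = $null; Issuer = $null; Chain = @(); Verdict = $null
    }

    if ($sig.Status -eq 'NotSigned' -or -not $sig.SignerCertificate) {
        $result.Verdict = 'UNSIGNED: UAC would show the publisher as Unknown'
        return [pscustomobject]$result
    }

    # Subject of the signer certificate: the name UAC prints, plus city/state/country.
    $cert = $sig.SignerCertificate
    $result.Publisher = Get-DnAttribute $cert.SubjectName 'CN'
    $result.Location  = (@('L', 'S', 'C') | ForEach-Object { Get-DnAttribute $cert.SubjectName $_ } |
                         Where-Object { $_ }) -join ', '
    $result.Issuer    = Get-DnAttribute $cert.IssuerName 'CN'

    # Walk the chain (leaf -> intermediate CA -> root), e.g. signer -> COMODO -> USERTrust.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $null  = $chain.Build($cert)
    $result.Chain = @($chain.ChainElements | ForEach-Object { Get-DnAttribute $_.Certificate.SubjectName 'CN' })

    # Compare the certificate name with what the file name promises.
    $name     = $result.File.ToLowerInvariant()
    $expected = @($ExpectedPublisher.Keys | Where-Object { $name -like "*$_*" } |
                  ForEach-Object { $ExpectedPublisher[$_] } | Select-Object -Unique)

    if ($sig.Status -ne 'Valid') {
        # UAC only shows a "Verified publisher" when the status is Valid.
        $result.Verdict = "NOT TRUSTED ($($sig.Status)): $($sig.StatusMessage)"
    } elseif ($expected.Count -gt 0 -and $result.Publisher -notin $expected) {
        $result.Verdict = "MISMATCH: file name suggests '$($expected -join '/')' but signer is '$($result.Publisher)'"
    } elseif ($expected.Count -gt 0) {
        $result.Verdict = 'OK: signer matches the expected publisher'
    } else {
        $result.Verdict = 'SIGNED by a publisher with no expectation for this file name; check the SHA256 on VirusTotal'
    }
    [pscustomobject]$result
}

# Usage (the path is an assumption):
Test-DownloadSigner -Path 'C:\Users\me\Downloads\adobe_flash_player.exe' | Format-List
```

Run it on a download and compare the Publisher, Location and Chain fields with the UAC dialog and the certificate viewer. A status other than Valid, or a Publisher that does not match what the file name advertises, is the same red flag the posts describe, and a valid signature from an unknown publisher still tells you nothing about what the installer does; that is what the SHA256 lookup on VirusTotal is for.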

The problem with the OOO DIGITAL VEI file is that it is detected by many of the antivirus programs. Here are some of the detection names: W32.HfsAdware.90CE, PUP.Optional.Bundle and InstallCore (fs).

OOO DIGITAL VEI anti-virus report

Did you also find an OOO DIGITAL VEI download? What kind of download was it?

Thank you for reading.

Taras Lapin – 16% Detection Rate According to VirusTotal

Hi there! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called Taras Lapin.

Taras Lapin publisher

If you have a Taras Lapin file on your machine you may have noticed that Taras Lapin is displayed as the publisher in the UAC dialog when double-clicking on the file.

Taras Lapin certificate

The certificate is issued by Certum Code Signing CA.

Taras Lapin certum

Nine of the scanners detected the file. Some of the detection names for the Download Uc Browser V Handler Zip.exe file are Trojan.Crossrider1.45643, PUA.Multiplug, Multiplug-FAJ and MultiPlug (v).

Taras Lapin anti-virus report

Did you also find a Taras Lapin file? Do you remember the download link? Please post it in the comments below and I'll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Roman Ershov – 18% Detection Rate Says VirusTotal

Welcome! Just wanted to give you the heads up on files digitally signed by Roman Ershov.

Roman Ershov pop up

The certificate is issued by Certum Code Signing CA. Mr Ershov appears to be located in Russia.

Roman Ershov certificate

The reason I'm writing this blog post is that the Roman Ershov file is detected by many of the anti-malware programs at VirusTotal. Avast classifies Download.exe as Win32:FakeDownload-G [PUP], Avira names it TR/Crypt.XPACK.Gen, Microsoft classifies it as SoftwareBundler:Win32/InstalleRex and VIPRE classifies it as MultiPlug (v).

Roman Ershov anti-virus report

Did you also find a Roman Ershov file? What kind of download was it?

Thanks for reading.

Ostap Hohlov – 39% Detection Rate – MultiPlug / MPlug / InstalleRex

Hello! Just wanted to give you the heads up on files digitally signed by Ostap Hohlov.

Ostap Hohlov publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Ostap Hohlov certificate.

Ostap Hohlov certificate

The problem with the Ostap Hohlov file is that it is detected by many of the anti-malware programs. Here are some of the detection names: Win32:FakeDownload-G [PUP], Gen:Variant.Adware.MPlug.62, PUP.Optional.MultiPlug, SoftwareBundler:Win32/InstalleRex and MultiPlug (v).

Ostap Hohlov anti-virus report

Did you also run into a download that was digitally signed by Ostap Hohlov? What kind of download was it, and was it detected by the anti-malware programs at VirusTotal? Please share by posting a comment.

Thank you for reading.

Oleg Odincov – VirusTotal Reports “MultiPlug”

Hello readers! Just a quick post on a publisher called Oleg Odincov that I found while running some tests for the upcoming FreeFixer release.

Here is how Oleg Odincov appears in the UAC dialog when double-clicking on the file:

Oleg Odincov publisher

I’m still waiting on the results from VirusTotal, but it sure looks like another variant of the unwanted MultiPlug software.

Oleg Odincov certificate

Did you also find an Oleg Odincov file? Do you remember the download link? Please post it in the comments below and I'll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Astori LLC – 18% Detection Rate

Hello! Was looking for some downloads to play around with and found one, digitally signed by Astori LLC. The file is named in such a way that users might think it is a download for the Game of Thrones TV series.

The following screenshot shows the User Account Control dialog when running the Astori LLC file:

Astori LLC publisher

It's possible to view additional information about the certificate by right-clicking on the file, choosing Properties and then clicking on the Digital Signatures tab. According to the certificate, Astori LLC appears to be located in Moscow, Russia, and the certificate is issued by COMODO Code Signing CA 2.

Astori LLC cert

I found an older file, also signed by Astori LLC. This one was detected by 10 of the 57 scanners over at VirusTotal:

Astori LLC virustotal
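
The detection rates quoted throughout this archive (10 of 57 scanners just above, "18% detection rate" in the heading) are simply the number of engines that flagged the file divided by the number of engines that scanned it. The PowerShell below is an added example, not the blog's or VirusTotal's own code: it looks a file up on the VirusTotal v3 API by SHA256 (a hash lookup, so the file itself is never uploaded) and summarises the per-engine results into that rate plus the detection names. It assumes an API key in the VT_API_KEY environment variable. The report it is run on here is constructed by hand, reusing the four vendor/detection-name pairs the Roman Ershov post lists, so the summary function can be tried without network access; the hash and the undetected engines in it are placeholders, not real scan data.

```powershell
# Added example (not the blog's or VirusTotal's code). Summarise a VirusTotal
# v3 file report into the "X of Y scanners" figure the posts quote.
# Assumed: an API key in $env:VT_API_KEY for the live lookup; the sample
# report at the bottom is constructed, not a real scan result.

function Get-DetectionSummary {
    # $Report is the object Invoke-RestMethod returns for /api/v3/files/{hash}.
    param([Parameter(Mandatory)]$Report)

    $results = $Report.data.attributes.last_analysis_results
    $engines = @($results.PSObject.Properties)            # one property per engine
    $hits    = @($engines | Where-Object { $_.Value.category -in @('malicious', 'suspicious') })

    [pscustomobject]@{
        SHA256     = $Report.data.attributes.sha256
        Engines    = $engines.Count
        Detections = $hits.Count
        # Percentage the posts' headings quote, rounded to a whole number.
        Rate       = if ($engines.Count) { [math]::Round(100.0 * $hits.Count / $engines.Count) } else { 0 }
        Names      = @($hits | ForEach-Object { "$($_.Name): $($_.Value.result)" })
    }
}

function Get-VirusTotalReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ApiKey = $env:VT_API_KEY
    )
    $sha256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    # Hash lookup only: nothing is uploaded. A 404 means VirusTotal has never seen this file.
    Invoke-RestMethod -Uri "https://www.virustotal.com/api/v3/files/$sha256" `
                      -Headers @{ 'x-apikey' = $ApiKey }
}

# Constructed sample in the shape of a v3 report. The four detections are the
# vendor/name pairs from the Roman Ershov post; the rest are placeholders.
$sample = @'
{ "data": { "attributes": {
    "sha256": "constructed-placeholder-not-a-real-hash",
    "last_analysis_results": {
      "Avast":     { "category": "malicious",  "result": "Win32:FakeDownload-G [PUP]" },
      "Avira":     { "category": "malicious",  "result": "TR/Crypt.XPACK.Gen" },
      "Microsoft": { "category": "malicious",  "result": "SoftwareBundler:Win32/InstalleRex" },
      "VIPRE":     { "category": "malicious",  "result": "MultiPlug (v)" },
      "EngineA":   { "category": "undetected", "result": null },
      "EngineB":   { "category": "undetected", "result": null },
      "EngineC":   { "category": "undetected", "result": null },
      "EngineD":   { "category": "undetected", "result": null }
} } } }
'@ | ConvertFrom-Json

# Offline: 4 of 8 engines, i.e. a 50% rate on this constructed sample.
Get-DetectionSummary -Report $sample | Format-List

# Live (needs network and VT_API_KEY); the path is an assumption:
# Get-DetectionSummary -Report (Get-VirusTotalReport -Path 'C:\Users\me\Downloads\Download.exe') | Format-List
```

Two things worth knowing when you read the numbers this way: the denominator changes from day to day as engines are added or time out, which is why the posts' percentages drift between uploads, and the report also carries a `last_analysis_stats` object with the same counts already totalled if you do not need the per-engine names.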

Did you also find an Astori LLC file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

IGOR MIHAYLOV – 35% Detection Rate at VirusTotal

Hello! Just wanted to give you the heads up on files digitally signed by IGOR MIHAYLOV.

IGOR MIHAYLOV publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the IGOR MIHAYLOV certificate. It seems Igor is located in Russia.

IGOR MIHAYLOV cert

These are the current VirusTotal detections for the file. Trojan.Adware.Graftor.D30592, Generic6.BBOM, a variant of Win32/Adware.MultiPlug.MN, Gen:Variant.Adware.Graftor and SoftwareBundler:Win32/InstalleRex are a few of the detection names for the file I found.

IGOR MIHAYLOV anti-virus report

Did you also find an IGOR MIHAYLOV file? Do you remember where you downloaded it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

EVGENIY NESTEROV – 24% Detection Rate At VirusTotal

Welcome! Short on time today, but I just wanted to give you the heads up on a publisher called EVGENIY NESTEROV.

This is how EVGENIY NESTEROV appears when running the file:

EVGENIY NESTEROV publisher

The certificate is issued by Certum Code Signing CA. Evgeniy appears to be located in Russia.

EVGENIY NESTEROV digital signature

So, why am I writing about the EVGENIY NESTEROV file? Check out what the anti-malware software report about the file:

EVGENIY NESTEROV virustotal

A few of the detection names for [share_ebook] MediaWiki Administrators' Tutorial Guide [ReUpload].exe: Avast reports the file as Win32:FakeDownload-F [PUP], Ikarus detects it as PUA.Win32.InstalleRex, Sophos calls it MultiPlug and Tencent classifies it as Trojan.Win32.Qudamah.Gen.6.

Did you also find an EVGENIY NESTEROV download? What kind of download was it?

Thanks for reading.